how to add el code and jstl code to the textbox generated dyanmically like ${fn:escapeXml(param.foo)} as value of textbox.
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
how to add el code and jstl code to the textbox generated dyanmically like ${fn:escapeXml(param.foo)} as value of textbox.
That’s not possible. Webbrowser doesn’t understand JSTL and EL code. It only understands HTML/CSS/JS code. This JSTL/EL code has to run in the webserver. Your best bet is to let JavaScript send an Ajax request to the server which in turn runs some JSP with JSTL/EL code and then returns the generated HTML response and finally let JavaScript display that HTML.
If your sole functional requirement is to HTML/XML-encode a JavaScript variable as
fn:escapeXml()does for JSP, then head to the answers of this question: HTML-encoding lost when attribute read from input field.Please note that there is no XSS risk as long as the data is stored fully client side. Once you send the data to server and the server stores it and redisplays it to another enduser, then there’s means of a XSS risk. For that
fn:escapeXml()in JSP can just be used since it’s the server which redisplays it.